In his post titled Microsoft Office 2011 for Mac: The Jackpot Vulnerability, Mac administrator Dave Castelletti exposed a serious new vulnerability introduced by the recently updated Office for Mac 2011 14.2.0 volume license installer. Other Mac administrators have verified his findings.
The recently updated installer leaves the Microsoft Office 2011 folder, which is installed by default into the top level Applications folder, with full world-writable permissions. These permissions allow any Standard Mac OS X user, or any process running as one (such as a script), to modify the contents of the folder, including the application bundles inside it.
Other pieces of Microsoft Office 2011 found in the top level Library folder have correct permissions.
Volume license customers (typically enterprise and higher education institutions) can download a full Microsoft Office 2011 14.2.0 installer from the Microsoft Volume Licensing Service Center (VLSC). This lets them skip installing earlier updates, which means quicker deployments and lower administrative overhead. This is not the same installer used by home or small business consumers.
Another Mac administrator, Rich Trouton, has posted Fixing permissions after installing the Office 2011 SP 2 12.2.0 full installer on his blog, which includes a script that corrects permissions on this folder. He also offers an Apple Installer package that contains the script for easier deployment.
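The check and the remediation described above, as an added example: this is not Dave Castelletti's or Rich Trouton's code, and it does not reproduce the exact ownership and mode settings of Trouton's script. It assumes only POSIX sh, find(1) and chmod(1); `-perm -002` (the "other" write bit) is understood by both GNU find and the BSD find shipped with Mac OS X. The default target path is the Office folder named in the article, and the audit covers the whole tree rather than just the top-level folder.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-writable entries and,
# on request, strip the world-write bit. Not part of the original post.
# Assumes POSIX sh plus find(1) and chmod(1); run the fix as root.

# Print every entry under $1 whose "other" write bit is set, one per line.
# -perm -002 works with both GNU find and Mac OS X (BSD) find.
list_world_writable() {
    find "$1" -perm -002 -print 2>/dev/null
}

# Report how many entries under $1 are world-writable.
# Returns 0 when the tree is clean, 1 when anything is world-writable,
# so it can be used directly in an if/&& test.
audit_world_writable() {
    n=$(list_world_writable "$1" | wc -l | tr -d ' ')
    echo "$1: $n world-writable entries"
    [ "$n" -eq 0 ]
}

# Remove only the world-write bit from the whole tree. Owner and group
# bits are left as the installer set them.
fix_world_writable() {
    chmod -R o-w "$1"
}

# Usage: sh audit_office_perms.sh [--fix] [folder]
# Default folder is the one the article describes (an assumption about
# a default install location).
main() {
    fix=0
    if [ "${1:-}" = "--fix" ]; then
        fix=1
        shift
    fi
    dir="${1:-/Applications/Microsoft Office 2011}"

    if audit_world_writable "$dir"; then
        return 0
    fi
    list_world_writable "$dir"
    if [ "$fix" -eq 1 ]; then
        fix_world_writable "$dir"
        audit_world_writable "$dir"
    else
        echo "re-run with --fix to remove the world-write bit"
        return 1
    fi
}

# Only run when invoked with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A quick manual version of the same check is `ls -ld "/Applications/Microsoft Office 2011"`; on an affected system the mode column ends in `rwx` for the "other" class (for example `drwxrwxrwx`), and after the fix it should read `r-x`. Running the audit without `--fix` is safe on any machine; the fix needs root and should be deployed the same way the rest of a managed Mac fleet is patched.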
This vulnerability does not affect:
- Retail Home & Student versions
- Retail Home & Business versions
- The current trial version available for download from Microsoft’s website
- Anyone using the Office for Mac 2011 14.2.0 or higher updater to update older versions of Office for Mac 2011
News of this vulnerability adds to the list of problems that have plagued the recent 14.2.0 update, which was released April 12. Less than a week after its release, Microsoft pulled the update from its AutoUpdate service because of potential Outlook data loss for consumers, lost licensing files for volume license customers, and installer scripts that interfered with deployment in managed Mac environments.